Backport PR #1975: add Authorization to allowed CORS headers

so that CORS requests can use token authentication in the Authorization header by default.

cf jupyterlab/jupyterlab#1416

Signed-off-by: Min RK <[email protected]>

Author: minrk

notebook/base/handlers.py

@@ -414,7 +414,7 @@ def finish(self, *args, **kwargs):
         return super(APIHandler, self).finish(*args, **kwargs)
 
     def options(self, *args, **kwargs):
-        self.set_header('Access-Control-Allow-Headers', 'accept, content-type')
+        self.set_header('Access-Control-Allow-Headers', 'accept, content-type, authorization')
         self.set_header('Access-Control-Allow-Methods',
                         'GET, PUT, POST, PATCH, DELETE, OPTIONS')
         self.finish()